ByteOS Network

NVD Vulnerability Details :

CVE-2026-35339

Analyzed

Source-security@ubuntu.com

Published At-22 Apr, 2026 | 17:16

Updated At-04 May, 2026 | 20:14

The recursive mode (-R) of the chmod utility in uutils coreutils incorrectly handles exit codes when processing multiple files. The final return value is determined solely by the success or failure of the last file processed. This allows the command to return an exit code of 0 (success) even if errors were encountered on previous files, such as 'Operation not permitted'. Scripts relying on these exit codes may proceed under a false sense of success while sensitive files remain with restrictive or incorrect permissions.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Type: Secondary

Version: 3.1

Base score: 5.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CPE Matches

uutils>>coreutils>>Versions before 0.6.0(exclusive)

cpe:2.3:a:uutils:coreutils:*:*:*:*:*:rust:*:*

Weaknesses

CWE ID	Type	Source
CWE-253	Secondary	security@ubuntu.com

CWE ID: CWE-253

Type: Secondary

Source: security@ubuntu.com

References

Hyperlink	Source	Resource
https://github.com/uutils/coreutils/pull/9793	security@ubuntu.com	Issue Tracking Patch
https://github.com/uutils/coreutils/releases/tag/0.6.0	security@ubuntu.com	Release Notes

Hyperlink: https://github.com/uutils/coreutils/pull/9793

Source: security@ubuntu.com

Resource:

Issue Tracking

Patch

Hyperlink: https://github.com/uutils/coreutils/releases/tag/0.6.0

Source: security@ubuntu.com

Resource:

Release Notes

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History